Policy routing question

Jul 7th, 2006

I have a customer who is using a Router on a Stick (4232 - L3 blade) to route between their production VLANs. The router on a stick has two externally facing Gateways that he has default route statements in place for that he load balances to for Internet Access.

I have prepared a Public translation for a Web Server that resides on one of the production VLANs that will occur across only one of the two external gateways; so I need for the core router to always send the traffic for this Web Server to the specific gateway vs. load balancing between the two.

Please help.

Kevin Melton Fri, 07/07/2006 - 08:46

Your links were helpful up to the point where I went to configure the "ip policy route-map" command on the interface.

This model of router does not have that in the interface configuration mode command string...

This is really weird based upon the fact that it let me configure the route-map just fine. It just seems it will not let me apply it as policy...

Richard Burts Fri, 07/07/2006 - 09:03

It actually makes sense that it would allow you to configure the route map but not allow you to use it (apply it) in Policy Based Routing. Route maps are used for many things besides Policy Based Routing: they can be used to control redistribution between routing protocols, and can be used in BGP to help control neighbor relationships. So the code allows you to configure the route map because it is probably a legitimate function in something that is supported in that code. But if Policy Based Routing is not supported in that code then it will not allow you to assign/apply the route map on the interface.



ariela Fri, 07/07/2006 - 10:11

mmm ... it seems CAT4000 doesn't support PBR ...

Alternative: create a specific vlan only for webserver, default gateway router A, and always on router A use an ACL to permit/deny connections between LAN and webserver.

Just an idea :)



Kevin Melton Fri, 07/07/2006 - 10:24


This is a great idea; I had already created a VLAN (VLAN 6; subinterface IP add is only for the Web Box. But by creating that VLAN, I am mandated to configure the Gateway of the VLAN on the 4232 router. I can't configure it with the Gateway of the Edge router because it is in a different subnet...

ariela Fri, 07/07/2006 - 22:57

Yes, you have to "transport" that vlan to "router A", that is you need a trunk between gateway and 4232. The gateway for vlan 6 will be a subinterface on that trunk.

Remember: to create a subinterface on "router A" you need a fastethernet.

edit: I don't know 4232 router module, but I'm thinking about a L2 switch (CAT4000) with L3 module, isn't it?
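
The layout suggested in the posts above, sketched as an added example that is not part of the original thread: VLAN 6 is trunked to router A, a dot1Q subinterface there becomes the web server's default gateway, and an ACL on that subinterface filters what reaches the server. The interface name, all addresses, the ACL name and the permitted ports are assumptions.

```cisco
! Added example for router A (the edge gateway that holds the public translation).
! Assumed values: FastEthernet0/1, 10.0.6.0/24 for VLAN 6, web server 10.0.6.10,
! admin subnet 10.0.1.0/24, ACL name WEB-VLAN6.
!
! Physical port facing the 4232: carries tagged frames only, no IP on the parent.
interface FastEthernet0/1
 description Trunk to 4232 (VLAN 6)
 no ip address
 no shutdown
!
! VLAN 6 subinterface: this address is configured as the web server's gateway,
! so the server's outbound traffic never touches the load-balanced defaults.
interface FastEthernet0/1.6
 description Web server VLAN 6
 encapsulation dot1Q 6
 ip address 10.0.6.1 255.255.255.0
 ip access-group WEB-VLAN6 out
!
! "out" on the subinterface = traffic being forwarded toward the web server.
ip access-list extended WEB-VLAN6
 remark Published web service
 permit tcp any host 10.0.6.10 eq www
 permit tcp any host 10.0.6.10 eq 443
 remark Administration from the assumed admin subnet only
 permit tcp 10.0.1.0 0.0.0.255 host 10.0.6.10 eq 22
 remark Replies to TCP sessions the server itself opened
 permit tcp any host 10.0.6.10 established
 remark Everything else is dropped and logged; add explicit permits for any
 remark UDP replies (DNS, NTP) the server depends on
 deny ip any any log
```

With the gateway moved to router A, VLAN 6 has to stay layer 2 only on the 4232 side, and the production VLANs need a route for the VLAN 6 subnet that points at router A instead of following the load-balanced defaults.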



